The GASS server is as secure as the GRAM gatekeeper. Since the GASS server is run on demand only and uses a random TCP port for access, it is harder to detect and exploit. At the same time, however, it also makes it harder to block access to the GASS server from the router. The limited live cycle of a GASS server and the fact that it runs under a noon-privileged uid (the one executing the job), limit the exposure suffered by the network due to the GASS server.